Providing all the extra info that didn't make it into the BlackHat 2012 USA Presentation "Still Passing the Hash 15 Years Later? Using the Keys to the Kingdom to Access All Your Data" by Alva Lease 'Skip' Duckwall IV and Christopher Campbell.

Friday, July 20, 2012

Soon to be live from BlackHat USA 2012

Thanks for checking our blog out!

I'm Skip Duckwall and I wanted to take a moment to outline my future plans for this blog relating to our presentation "Still Passing the Hash 15 years Later? Using the Keys to the Kingdom to Access All Your Data"

Over the next few days and weeks we plan on using the blog to document some of the features discussed during the BlackHat presentation. Much of the documentation for the various suites of utilities is sparse and difficult to comprehend.

We will discuss how to build the utilities, how to use the utilities in a Windows environment during a penetration test, discuss how to set up a lab to experiment with the various utilities and hopefully point out some tips and pitfalls we've run into when using these utilities in the field.

Chris and I have also developed a spreadsheet that demonstrates how to use the various command line utilities in both Windows and Linux to perform common tasks. We call this document "The Pass The Hash Rosetta Stone" and it will be available shortly after our presentation in Vegas.

We are also working with Purehate from the Backtrack team to possibly integrate the tools directly into Backtrack to make them much easier to use.

We will update with links when our project gets posted in the next few days. Look forward to seeing you at Vegas!